Bug 987739
| Summary: | [abrt] libwebkit2gtk-2.0.3-2.fc19: WTF::OwnArrayPtr<JSC::WriteBarrier<JSC::Unknown> >::UnspecifiedBoolType: Process /usr/libexec/WebKitWebProcess was killed by signal 11 (SIGSEGV) | | |
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Michael Catanzaro <mcatanzaro+wrong-account-do-not-cc> |
| Component: | webkitgtk3 | Assignee: | Matthias Clasen <mclasen> |
| Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | unspecified | | |
| Version: | 19 | CC: | fedora, kalevlember, mclasen, tpopela |
| Target Milestone: | --- | | |
| Target Release: | --- | | |
| Hardware: | x86_64 | | |
| OS: | Unspecified | | |
| Whiteboard: | abrt_hash:694cc9e5b86b40435693a68efce98122f2ae7a8a | | |
| Fixed In Version: | | Doc Type: | Bug Fix |
| Doc Text: | | Story Points: | --- |
| Clone Of: | | Environment: | |
| Last Closed: | 2014-03-04 00:34:34 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | | Category: | --- |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | | | |
| Attachments: | | | |

Description
Michael Catanzaro
2013-07-24 03:57:20 UTC
Created attachment 777557
File: backtrace
Created attachment 777558
File: cgroup
Created attachment 777559
File: core_backtrace
Created attachment 777560
File: dso_list
Created attachment 777561
File: environ
Created attachment 777562
File: limits
Created attachment 777563
File: maps

I can't reproduce this with WebKit1 in Rawhide. WebKit2 does indeed crash for me, but for unrelated reasons it seems. Still digging.

FWIW, it works in valgrind with WebKit2, so that makes me think it's memory corruption of some sort. gdb and vanilla running is giving me junk in uzbl, so I don't know what happens normally. This is also webkitgtk3-2.1.3-1.fc20.x86_64.

Okay, so clicking any of the links makes WebKit1 crash with the backtrace below; clicking in Rawhide's WebKit2 is fine.

@Michael: Could you try out Rawhide; it seems that this page is chock full of test cases :) .

#0 WebCore::FrameLoader::dispatchDidCommitLoad (this=0x7fd8a0d3c3b0) at Source/WebCore/loader/FrameLoader.cpp:3305
#1 0x00007fd909b96770 in WebCore::FrameLoader::receivedFirstData (this=0x7fd8a0d3c3b0) at Source/WebCore/loader/FrameLoader.cpp:614
#2 0x00007fd909b82208 in WebCore::DocumentLoader::commitData (this=this@entry=0x7fd89f08b000, bytes=bytes@entry=0x7fd8a6362600 "<!doctype html><html itemscope=\"itemscope\" itemtype=\"http://schema.org/WebPage\"><head><meta itemprop=\"image\" content=\"/images/google_favicon_128.png\"><title>Carlos Danger - Google Search</title><scrip"..., length=length@entry=512) at Source/WebCore/loader/DocumentLoader.cpp:783
#3 0x00007fd90949bcf6 in WebKit::FrameLoaderClient::committedLoad (this=0x10bf000, loader=0x7fd89f08b000, data=0x7fd8a6362600 "<!doctype html><html itemscope=\"itemscope\" itemtype=\"http://schema.org/WebPage\"><head><meta itemprop=\"image\" content=\"/images/google_favicon_128.png\"><title>Carlos Danger - Google Search</title><scrip"..., length=512) at Source/WebKit/gtk/WebCoreSupport/FrameLoaderClientGtk.cpp:165
#4 0x00007fd909b827c7 in WebCore::DocumentLoader::commitLoad (this=0x7fd89f08b000, data=0x7fd8a6362600 "<!doctype html><html itemscope=\"itemscope\" itemtype=\"http://schema.org/WebPage\"><head><meta itemprop=\"image\" content=\"/images/google_favicon_128.png\"><title>Carlos Danger - Google Search</title><scrip"..., length=512) at Source/WebCore/loader/DocumentLoader.cpp:740
#5 0x00007fd909b66ce3 in WebCore::CachedRawResource::notifyClientsDataWasReceived (this=this@entry=0x7fd8a0d45c00, data=data@entry=0x7fd8a6362600 "<!doctype html><html itemscope=\"itemscope\" itemtype=\"http://schema.org/WebPage\"><head><meta itemprop=\"image\" content=\"/images/google_favicon_128.png\"><title>Carlos Danger - Google Search</title><scrip"..., length=512) at Source/WebCore/loader/cache/CachedRawResource.cpp:110
#6 0x00007fd909b66e99 in WebCore::CachedRawResource::addDataBuffer (this=0x7fd8a0d45c00, data=0x7fd89dd6ea98) at Source/WebCore/loader/cache/CachedRawResource.cpp:66
#7 0x00007fd909bd67e3 in WebCore::SubresourceLoader::didReceiveDataOrBuffer (this=0x7fd8a0d45800, data=0xfac330 "<!doctype html><html itemscope=\"itemscope\" itemtype=\"http://schema.org/WebPage\"><head><meta itemprop=\"image\" content=\"/images/google_favicon_128.png\"><title>Carlos Danger - Google Search</title><scrip"..., length=512, prpBuffer=..., encodedDataLength=<optimized out>, dataPayloadType=<optimized out>) at Source/WebCore/loader/SubresourceLoader.cpp:250
#8 0x00007fd909bd693b in WebCore::SubresourceLoader::didReceiveData (this=<optimized out>, data=<optimized out>, length=<optimized out>, encodedDataLength=<optimized out>, dataPayloadType=<optimized out>) at Source/WebCore/loader/SubresourceLoader.cpp:226
#9 0x00007fd909bcbdcc in WebCore::ResourceLoader::didReceiveData (this=0x7fd8a0d45800, data=0xfac330 "<!doctype html><html itemscope=\"itemscope\" itemtype=\"http://schema.org/WebPage\"><head><meta itemprop=\"image\" content=\"/images/google_favicon_128.png\"><title>Carlos Danger - Google Search</title><scrip"..., length=512, encodedDataLength=512) at Source/WebCore/loader/ResourceLoader.cpp:475
#10 0x00007fd90a2eb9f2 in WebCore::readCallback (asyncResult=<optimized out>, data=0x7fd8a0f22288) at Source/WebCore/platform/network/soup/ResourceHandleSoup.cpp:1343
#11 0x00007fd906b3da16 in async_ready_callback_wrapper (source_object=0x11bda50, res=0x11a0e20, user_data=0x7fd8a0f22288) at ginputstream.c:519
#12 0x00007fd906b5fbf5 in g_task_return_now (task=0x11a0e20) at gtask.c:1108
#13 0x00007fd906b5fc19 in complete_in_idle_cb (task=0x11a0e20) at gtask.c:1117
#14 0x00007fd9063a5f26 in g_main_dispatch (context=0x8b1710) at gmain.c:3064
#15 g_main_context_dispatch (context=context@entry=0x8b1710) at gmain.c:3640
#16 0x00007fd9063a62a8 in g_main_context_iterate (context=0x8b1710, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at gmain.c:3711
#17 0x00007fd9063a66ba in g_main_loop_run (loop=0xe46e30) at gmain.c:3905
#18 0x00007fd90834646d in gtk_main () at gtkmain.c:1157
#19 0x0000000000409ba7 in main (argc=2, argv=0x7fff65dc3bd8) at src/uzbl-core.c:297

(In reply to Ben Boeckel from comment #10)
> @Michael: Could you try out Rawhide; it seems that this page is chock full
> of test cases :) .

I'd rather not; I don't have rawhide installed, and as I'm not at all familiar with the massive WebKit codebase, I doubt I would be much help.

What browser was this with? I might be able to poke it here.

Alternatively, just do a "yum --enablerepo=rawhide upgrade webkitgtk*"

(In reply to Ben Boeckel from comment #12)
> What browser was this with? I might be able to poke it here.

epiphany-3.8.2-1.fc19

(In reply to Ben Boeckel from comment #13)
> Alternatively, just do a "yum --enablerepo=rawhide upgrade webkitgtk*"

I'll make a VM soon to try rawhide in.

Seems to work fine with WebKit2 + WebKit1 (the WebKit1 crash from comment #10 was an uzbl bug) as of version webkitgtk3-2.2.5-1.fc20.x86_64. Is epiphany happy with that version?

Yup, this seems to be fixed.